#!/usr/bin/env python3
# -*- coding: utf-8; py-indent-offset: 4 -*-
#
# Author:  Linuxfabrik GmbH, Zurich, Switzerland
# Contact: info (at) linuxfabrik (dot) ch
#          https://www.linuxfabrik.ch/
# License: The Unlicense, see LICENSE file.

# https://github.com/Linuxfabrik/monitoring-plugins/blob/main/CONTRIBUTING.md

"""See the check's README for more details.
"""

import argparse  # pylint: disable=C0413
import base64  # pylint: disable=C0413
import json  # pylint: disable=C0413
import sys  # pylint: disable=C0413

import lib.args  # pylint: disable=C0413
import lib.base  # pylint: disable=C0413
import lib.redfish  # pylint: disable=C0413
import lib.lftest  # pylint: disable=C0413
import lib.txt  # pylint: disable=C0413
import lib.url  # pylint: disable=C0413
from lib.globals import (STATE_CRIT, STATE_OK,  # pylint: disable=C0413
                          STATE_UNKNOWN, STATE_WARN)

__author__ = 'Linuxfabrik GmbH, Zurich/Switzerland'
__version__ = '2025041101'

DESCRIPTION = """Checks the System Event Log (SEL) of the Redfish Manager collection. Returns an
                 alert based on the severity of the messages."""

DEFAULT_INSECURE = True
DEFAULT_NO_PROXY = False
DEFAULT_TIMEOUT = 8
DEFAULT_URL = 'https://localhost:5000'


def parse_args():
    """Parse command line arguments using argparse.
    """
    parser = argparse.ArgumentParser(description=DESCRIPTION)

    parser.add_argument(
        '-V', '--version',
        action='version',
        version='%(prog)s: v{} by {}'.format(__version__, __author__)
    )

    parser.add_argument(
        '--always-ok',
        help='Always returns OK.',
        dest='ALWAYS_OK',
        action='store_true',
        default=False,
    )

    parser.add_argument(
        '--insecure',
        help='This option explicitly allows to perform "insecure" SSL connections. '
             'Default: %(default)s',
        dest='INSECURE',
        action='store_true',
        default=DEFAULT_INSECURE,
    )

    parser.add_argument(
        '--no-proxy',
        help='Do not use a proxy. '
             'Default: %(default)s',
        dest='NO_PROXY',
        action='store_true',
        default=DEFAULT_NO_PROXY,
    )

    parser.add_argument(
        '--password',
        help='Redfish API password.',
        dest='PASSWORD',
    )

    parser.add_argument(
        '--test',
        help='For unit tests. Needs "path-to-stdout-file,path-to-stderr-file,expected-retc".',
        dest='TEST',
        type=lib.args.csv,
    )

    parser.add_argument(
        '--timeout',
        help='Network timeout in seconds. '
             'Default: %(default)s (seconds)',
        dest='TIMEOUT',
        type=int,
        default=DEFAULT_TIMEOUT,
    )

    parser.add_argument(
        '--url',
        help='Redfish API URL. '
             'Default: %(default)s',
        dest='URL',
        default=DEFAULT_URL,
    )

    parser.add_argument(
        '--username',
        help='Redfish API username.',
        dest='USERNAME',
    )

    return parser.parse_args()


def main():
    """The main function. Hier spielt die Musik.
    """

    # parse the command line, exit with UNKNOWN if it fails
    try:
        args = parse_args()
    except SystemExit:
        sys.exit(STATE_UNKNOWN)

    # fetch data
    if args.TEST is None:
        if not args.URL.startswith('http'):
            lib.base.cu('--url parameter has to start with "http://" or https://".')

        # Authorization (if needed)
        header = {}
        header['Accept'] = 'application/json'
        if args.USERNAME and args.PASSWORD:
            auth = '{}:{}'.format(args.USERNAME, args.PASSWORD)
            encoded_auth = lib.txt.to_text(base64.b64encode(lib.txt.to_bytes(auth)))
            header['Authorization'] = 'Basic {}'.format(encoded_auth)

        # get the vendor to know which entry point to use
        result = lib.base.coe(lib.url.fetch_json(
            '{}/redfish/v1/'.format(args.URL),
            header=header,
            insecure=args.INSECURE,
            no_proxy=args.NO_PROXY,
            timeout=args.TIMEOUT,
        ))
        vendor = lib.redfish.get_vendor(result)

        if vendor == 'supermicro':
            entry_point = 'Systems'
        else:
            entry_point = 'Managers'

        # Entry point: Get the main data
        result = lib.base.coe(lib.url.fetch_json(
            '{}/redfish/v1/{}'.format(args.URL, entry_point),
            header=header,
            insecure=args.INSECURE,
            no_proxy=args.NO_PROXY,
            timeout=args.TIMEOUT,
        ))
    else:
        # do not call the command, put in test data
        args.TEST[0] += '-v1'
        stdout, _, _ = lib.lftest.test(args.TEST)
        result = json.loads(stdout)
        vendor = lib.redfish.get_vendor(result)

        args.TEST[0] += '-managers'
        stdout, _, _ = lib.lftest.test(args.TEST)
        result = json.loads(stdout)

    # "Members": [
    #     {
    #         "@odata.id": "/redfish/v1/Managers/BMC"
    #     }
    # ],
    if len(result.get('Members', [])) == 0:
        lib.base.cu('Nothing to check, no Redfish members found.')

    # init some vars
    msg = ''
    state = STATE_OK

    if vendor == 'generic':
        sel_path = '/LogServices/Log/Entries'
    elif vendor in ['avigilon']:  # which is a relabeled dell
        sel_path = '/LogServices'
    elif vendor in ['ami']:
        sel_path = '/LogServices/BIOS/Entries'
    elif vendor in ['cisco']:
        sel_path = '/LogServices/SEL/Entries'
    elif vendor in ['dell']:
        sel_path = '/LogServices/Sel/Entries'
    elif vendor in ['hpe', 'hp']:
        sel_path = '/LogServices/IML/Entries'
    elif vendor in ['lenovo']:
        sel_path = '/LogServices/ActiveLog/Entries'
    elif vendor in ['supermicro']:
        sel_path = '/LogServices/Log1/Entries'
    elif vendor in ['ts_fujitsu']:
        sel_path = '/LogServices/SystemEventLog/Entries'
    else:
        sel_path = ''

    member_count = 0
    # fetch and analyze data by following the "Members" found
    for member in result.get('Members', []):
        if not sel_path:
            continue
        member_count += 1
        if args.TEST is None:
            # For example {https://localhost:5000} {/redfish/v1/Managers/BMC} {/LogServices/Log/Entries}  # pylint: disable=C0301
            sel = lib.base.coe(lib.url.fetch_json(
                '{}{}{}'.format(args.URL, member['@odata.id'], sel_path),
                header=header,
                insecure=args.INSECURE,
                no_proxy=args.NO_PROXY,
                timeout=args.TIMEOUT,
            ))
        else:
            args.TEST[0] += '-vendor'
            stdout, _, _ = lib.lftest.test(args.TEST)
            sel = json.loads(stdout)
        member_msg, member_state = lib.redfish.get_manager_logservices_sel_entries(sel)
        if member_msg:
            msg += '{}\n{}\n\n'.format(member['@odata.id'], member_msg)
            state = lib.base.get_worst(state, member_state)

    if state == STATE_CRIT:
        msg = 'Checked SEL on {} {}. There are critical errors.\n\n'.format(
            member_count,
            lib.txt.pluralize('member', member_count),
        ) + msg
    elif state == STATE_WARN:
        msg = 'Checked SEL on {} {}. There are warnings.\n\n'.format(
            member_count,
            lib.txt.pluralize('member', member_count),
        ) + msg
    else:
        msg = 'Everything is ok, checked SEL on {} {}.\n\n'.format(
            member_count,
            lib.txt.pluralize('member', member_count),
        ) + msg

    # over and out
    lib.base.oao(msg, state, always_ok=args.ALWAYS_OK)


if __name__ == '__main__':
    try:
        main()
    except Exception:   # pylint: disable=W0703
        lib.base.cu()
